4 new”extremely” areas of encryption

Wednesday, October 14, 2020, 10:29 GMT

In the area of data access, the “shield and blade” war is underway, consuming all the new developments. For instance, security experts are planning to repel the attempts of intruders to crack ciphers using quantum computers that have not yet become a fully-fledged operating method, including those that, one may claim, do not yet exist.

Fight for “new oil”

Data is the new gasoline, the distinction being that the “gasoline” can be drained out by an intruder in the IT environment. Spending on information security is also increasing steadily. Gartner analysts estimate that sales of defense goods will grow by 2.4 percent to $123.8 billion even in the current year, when the entire IT industry is dramatically declining. Compared to the 8-10 percent growth experienced in the past by the information security industry. The years (which were scheduled back in December 2019 for the current year) are not sufficient, but under the impact of the coronavirus outbreak, almost all other parts of the IT industry will decrease completely.

World spending on information security in 2020, $ million

Costs in 2019
Costs in 2020
Growth 2020/2019 (%)

Application security30953 2876.2%
Cloud Security43958533.3%
Data security266228527.2%
Identity and Access Control (IAM) Systems983710.4095.8%
Infrastructure protection16 52174835.8%
Integrated Risk Management (IRM)4.55547313.8%
Network protection equipment1338711694-12.6%
Other software2 20622733.1%
Cybersecurity services61,97964 273.7%
Consumer software62546 235-0.3%
Total:120934123 8182.4%
Gartner, 2020

Yet amid the fact that billions are spent in maintaining data security, knowledge about data breaches from the biggest (and, thus, a lot of data security spending) businesses happens every now and then. Businesses’ digital transition significantly expands the amount of artifacts from which criminals can access to corporate information systems. And the new developments in IT are helping them crack even well-established defenses, such as artificial intelligence.

There is some good news, however. Standard algorithms such as the Stable Hash Algorithm (SHA) and Advanced Encryption Standard ( AES) are still resilient against attacks, according to Peter Wayner, book author and IT expert. Any of their implementations have been too unstable, such as SHA1, but the overall image is far from devastating.

This is no excuse to relax, though, says Peter Weiner. There are new problems ahead that will include jobs for many years to come for cryptographers. He outlined the 4 hottest fields of cryptography in an essay for CSO news.

  1. Phantom threat: “Quantum computers are not yet available, but they are still finding defense against them.”
    Quantum computers can pose a modern encryption problem. This is far from it, too far, but protection is a place where in the summer sledges are trained.

Since 2016, “quantum-stable” (or “post-quantum”) algorithms have been selected by the American National Institute of Standards and Technology (National Institute of Standards and Technology). “Of the 69 original entrants, 15 remained in the third round of competition last summer, of which 7 were named” finalists “and 8 were named” alternatives “(are intended for or are still being finalized for niche applications). NIST stated that their plans have been confused by the coronavirus pandemic, but the institute hopes to announce new algorithms as early as 2022.

The challenge in determining the “right” algorithm is that researchers are attempting to simulate attacks that could come from non-existent computers. The accomplishments of quantum computers in all fields are still limited, and the expense of them is prohibitive.

Therefore, many assume that, rather than quantum supercomputers, cryptography methods should be cautious of freely accessible cloud clusters for the near future.

Work is also ongoing in Russia in the area of quantum cryptography. In April 2020, Quantum Communications, the NTI Competence Centre, established a way to improve quantum cryptography’s level of security. ‘Rostelecom’ coordinated the optical transmission line for the delivery of quantum cryptographic keys in September 2020. And all in all, by 2024, the country will spend 11.2 billion rubles on the development of quantum communication (impossible without adequate encryption methods).

  1. Non-decryption processing: homomorphic encryption
    Another promising way is to explicitly coordinate, without decrypting, work with encrypted data. As more and more information reaches the cloud infrastructure, the importance rises, which may not be as well covered from a security point of view as on site. The possible “insecurity” of cloud systems becomes less significant if the data stays encrypted during transmission.

Homomorphic encryption is a type of encryption that enables you to execute some encrypted data mathematical operations and produce an encrypted result that corresponds to the outcome of operations performed on known data. The implementation of homomorphic encryption software made it possible, without opening the data itself, to offer different services dependent on data.

Homomorphic encryption was of solely theoretical interest for a long time, as it took very large computational resources to operate with it. However, even more focus has been paid to it in the last decade, due to the development of new algorithms.

Practical implementations also exist for homomorphic encryption tools. For all common platforms except Windows (macOS, iOS , Android, and Linux), IBM recently released the Fully Homorphic Encryption toolkit. For instance, it allows you to check bank records while preserving the secrecy of the documents. Microsoft has also published its catalog, its solution is optimal for addition and multiplication operations, but it does not allow encrypted data browsing.

Microsoft and Google jointly launched related open source software for those wishing to explore. The first company’s methods for dealing with SQL data and data processed and evaluated in Azure are “sharpened”. “More” general “is Google Repositories. In C + +, their most usable version is introduced, but the business is porting Java and Go features.

In fact, such methods are still in use, since the US Census Bureau started introducing them in 2008 , for example. It was important to strike a balance between preserving the privacy information of people and the ability of corporations to use people’ data in their business. Data for the 2020 Census is expected to be given using distinct confidentiality instruments.

  1. And again the blockchain
    Cryptographic research is still a hot topic in the field of cryptocurrencies, since they are based on both virtual currencies themselves and the corresponding blockchain solutions.

In this field, one of the most active directions in the growth of cryptography is to boost privacy by incorporating “zero information proof.”

Zero-knowledge proof is an interactive cryptographic protocol that enables the “verifier” to verify the validity of a statement by one of the communicating parties, without having any other “proof” information from the other party. The whole challenge lies in demonstrating that without revealing its substance, one of the parties has knowledge.

In order to authenticate transactions, the earliest protocols used basic digital signatures. Even more powerful iterations of zero awareness data have recently been produced that allow you to validate a transaction without sharing any additional detail.

In Russia, they will invest about 36 billion on “distributed ledger technology” (the most popular of which is the blockchain) by 2024. Among other stuff, a zero-knowledge-proof algorithm is planned to invest money on systems-and there will be 4 such systems in 2030.